From 321697828e234235884e9d1a98bec4eccf83eb2e Mon Sep 17 00:00:00 2001
From: "A.Unger" <zyxancf@gmail.com>
Date: Wed, 8 Sep 2021 11:27:14 +0200
Subject: [PATCH] defensive code

---
 changelog/unreleased/spaces-post.md | 10 ++++++++++
 graph/pkg/service/v0/drives.go      | 21 +++++++++++++++++++--
 2 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 changelog/unreleased/spaces-post.md

diff --git a/changelog/unreleased/spaces-post.md b/changelog/unreleased/spaces-post.md
new file mode 100644
index 000000000..555c721e6
--- /dev/null
+++ b/changelog/unreleased/spaces-post.md
@@ -0,0 +1,10 @@
+Enhancement: Create a Space using the Graph API
+
+Spaces can now be created on `POST /drive/{drive-name}`. Only users with the `create-space` permissions can perform this operation.
+
+Allowed body form values are:
+
+- `quota` (bytes) maximum amount of bytes stored in the space.
+- `maxQuotaFiles` (integer) maximum amount of files supported by the space.
+
+https://github.com/owncloud/ocis/pull/2471
diff --git a/graph/pkg/service/v0/drives.go b/graph/pkg/service/v0/drives.go
index 931227e7e..b31c25f70 100644
--- a/graph/pkg/service/v0/drives.go
+++ b/graph/pkg/service/v0/drives.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"net/url"
 	"path"
+	"strconv"
 	"time"
 
 	cs3rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
@@ -144,6 +145,8 @@ func (g Graph) CreateDrive(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	r.ParseForm()
+
 	s := sproto.NewPermissionService("com.owncloud.api.settings", grpc.DefaultClient)
 
 	_, err := s.GetPermissionByID(r.Context(), &sproto.GetPermissionByIDRequest{
@@ -162,14 +165,28 @@ func (g Graph) CreateDrive(w http.ResponseWriter, r *http.Request) {
 	}
 
 	spaceName := chi.URLParam(r, "drive-name")
+	if spaceName == "" {
+		errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, fmt.Errorf("invalid name").Error())
+		return
+	}
+
+	quota, _ := strconv.ParseUint(r.Form.Get("quota"), 10, 64)
+	if quota == 0 {
+		quota = 65536 // set default quota if no form value was sent.
+	}
+
+	quotaMaxFiles, _ := strconv.ParseUint(r.Form.Get("quotaMaxFiles"), 10, 64)
+	if quotaMaxFiles == 0 {
+		quotaMaxFiles = 20 // set default quotaMaxFiles if no form value was sent.
+	}
 
 	csr := provider.CreateStorageSpaceRequest{
 		Owner: us,
 		Type:  "share",
 		Name:  spaceName,
 		Quota: &provider.Quota{
-			QuotaMaxBytes: 65536,
-			QuotaMaxFiles: 20,
+			QuotaMaxBytes: quota,
+			QuotaMaxFiles: quotaMaxFiles,
 		},
 	}